@mrbelloc/encrypted-store 0.2.0

package/LICENSE.md

@@ -0,0 +1,11 @@
+# Released under MIT License
+
+Copyright (c) 2013 Mark Otto.
+
+Copyright (c) 2017 Andrew Fong.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/README.md

@@ -0,0 +1,212 @@
+# Encrypted Store
+
+Client-side encrypted storage with change detection for PWAs. Built on [Fireproof](https://use-fireproof.com).
+
+**For small data that can live in memory** - Designed for PWAs that manage datasets that fit comfortably in browser memory.
+
+## Features
+
+- 🔐 AES-256-GCM encryption before storage
+- 🔄 Real-time change detection (added/changed/deleted events)
+- 📱 PWA-ready with offline-first support
+- 🌐 Optional remote sync (PartyKit, Netlify)
+- 📦 TypeScript with full type safety
+
+## Installation
+
+```bash
+npm install @mrbelloc/encrypted-store
+```
+
+## Quick Start
+
+```typescript
+import { EncryptedStore, fireproof } from "@mrbelloc/encrypted-store";
+
+// Create database and encrypted store
+const db = fireproof("myapp");
+const store = new EncryptedStore(db, "my-password", {
+  docsAdded: (events) => {
+    events.forEach(({ table, docs }) => {
+      console.log(`New ${table}:`, docs);
+    });
+  },
+  docsChanged: (events) => {
+    events.forEach(({ table, docs }) => {
+      console.log(`Updated ${table}:`, docs);
+    });
+  },
+  docsDeleted: (events) => {
+    events.forEach(({ table, docs }) => {
+      console.log(`Deleted ${table}:`, docs);
+    });
+  },
+});
+
+// Load existing data
+await store.loadAll();
+
+// Create/update documents
+await store.put("users", { _id: "alice", name: "Alice", age: 30 });
+
+// Get documents
+const user = await store.get("users", "alice");
+
+// Delete documents
+await store.delete("users", "alice");
+```
+
+## API Reference
+
+### `new EncryptedStore(db, password, listener)`
+
+Creates an encrypted store.
+
+- `db`: Fireproof database instance
+- `password`: Encryption password (string)
+- `listener`: Object with three callbacks:
+  - `docsAdded(events: TableEvent[])`: Fired when new documents are added
+  - `docsChanged(events: TableEvent[])`: Fired when documents are updated
+  - `docsDeleted(events: TableEvent[])`: Fired when documents are deleted
+
+Each `TableEvent` has:
+
+- `table`: Document type (e.g., "users", "transactions")
+- `docs`: Array of documents with that type
+
+### `await store.loadAll()`
+
+Loads all existing documents and sets up change detection. Call this once after creating the store.
+
+### `await store.put(type, doc)`
+
+Creates or updates a document.
+
+- `type`: Document type / table name (string)
+- `doc`: Document object with `_id` field (will be generated if missing)
+
+Returns the document.
+
+### `await store.get(type, id)`
+
+Retrieves a document by type and ID. Returns `null` if not found.
+
+### `await store.delete(type, id)`
+
+Deletes a document by type and ID.
+
+## Remote Sync
+
+Sync encrypted data across devices with any Fireproof connector:
+
+```typescript
+// Install the connector you want
+// npm install @fireproof/partykit
+// or
+// npm install @fireproof/netlify
+
+import { connect } from "@fireproof/partykit";
+// or
+// import { connect } from "@fireproof/netlify";
+
+// Connect using the connector function
+await store.connectRemote(connect, {
+  namespace: "my-app",
+  host: "http://localhost:1999", // or your server URL
+});
+
+// Disconnect
+store.disconnectRemote();
+
+// Works with any connector that follows the Fireproof connector interface
+```
+
+**Note:** Remote servers only see encrypted blobs - they cannot read your data.
+
+## How It Works
+
+1. **Encryption**: Documents are encrypted with AES-256-GCM before storage
+2. **Storage**: Encrypted blobs stored in Fireproof (local-first IndexedDB)
+3. **Change Detection**: Fireproof's subscribe notifies us of changes
+4. **Diff Computation**: We track IDs and decrypt only changed documents
+5. **Events**: Your app gets organized events by table (added/changed/deleted)
+
+## Example: React Integration
+
+```typescript
+import { useState, useEffect } from "react";
+import { EncryptedStore, fireproof } from "@mrbelloc/encrypted-store";
+
+function useEncryptedStore(dbName: string, password: string) {
+  const [users, setUsers] = useState<Map<string, any>>(new Map());
+  const [store, setStore] = useState<EncryptedStore | null>(null);
+
+  useEffect(() => {
+    const db = fireproof(dbName);
+    const encryptedStore = new EncryptedStore(db, password, {
+      docsAdded: (events) => {
+        events.forEach(({ table, docs }) => {
+          if (table === "users") {
+            setUsers((prev) => {
+              const next = new Map(prev);
+              docs.forEach((doc) => next.set(doc._id, doc));
+              return next;
+            });
+          }
+        });
+      },
+      docsChanged: (events) => {
+        events.forEach(({ table, docs }) => {
+          if (table === "users") {
+            setUsers((prev) => {
+              const next = new Map(prev);
+              docs.forEach((doc) => next.set(doc._id, doc));
+              return next;
+            });
+          }
+        });
+      },
+      docsDeleted: (events) => {
+        events.forEach(({ table, docs }) => {
+          if (table === "users") {
+            setUsers((prev) => {
+              const next = new Map(prev);
+              docs.forEach((doc) => next.delete(doc._id));
+              return next;
+            });
+          }
+        });
+      },
+    });
+
+    encryptedStore.loadAll();
+    setStore(encryptedStore);
+  }, [dbName, password]);
+
+  return { users: Array.from(users.values()), store };
+}
+```
+
+## TypeScript Types
+
+```typescript
+interface TableEvent {
+  table: string;
+  docs: Doc[];
+}
+
+interface StoreListener {
+  docsAdded: (events: TableEvent[]) => void;
+  docsChanged: (events: TableEvent[]) => void;
+  docsDeleted: (events: TableEvent[]) => void;
+}
+
+interface Doc {
+  _id: string;
+  [key: string]: any;
+}
+```
+
+## License
+
+MIT

package/dist/encryptedStore.d.ts

@@ -0,0 +1,89 @@
+/**
+ * Encrypted storage with change detection for small datasets
+ * Wraps Fireproof with AES-256-GCM encryption + real-time event system
+ */
+interface Doc {
+    _id: string;
+    [key: string]: any;
+}
+export interface TableEvent {
+    table: string;
+    docs: Doc[];
+}
+export interface StoreListener {
+    docsAdded: (events: TableEvent[]) => void;
+    docsChanged: (events: TableEvent[]) => void;
+    docsDeleted: (events: TableEvent[]) => void;
+}
+export interface RemoteConnectOptions {
+    namespace: string;
+    host: string;
+}
+export interface SyncConnection {
+    ready?: Promise<void>;
+    disconnect?: () => void;
+}
+export type ConnectorFunction = (db: FireproofDb, namespace: string, host: string) => SyncConnection;
+export interface FireproofDb {
+    put(doc: any): Promise<{
+        id: string;
+        rev?: string;
+    }>;
+    get(id: string): Promise<any>;
+    query(field: string, options?: {
+        limit?: number;
+        descending?: boolean;
+    }): Promise<{
+        docs?: any[];
+        rows: Array<{
+            key: string;
+            doc?: any;
+            value?: any;
+        }>;
+    }>;
+    subscribe(callback: (changes: any[]) => void, remote?: boolean): void;
+    del(id: string, rev?: string): Promise<any>;
+}
+/**
+ * EncryptedStore class
+ *
+ * Main entry point for encrypted storage with change detection
+ */
+export declare class EncryptedStore {
+    private db;
+    private encryptionHelper;
+    private listener;
+    private knownIds;
+    private fullIdMap;
+    private isSubscribed;
+    private connection;
+    constructor(db: FireproofDb, password: string, listener: StoreListener);
+    /** Load all documents and set up change detection (call once after creating store) */
+    loadAll(): Promise<void>;
+    /** Create or update a document */
+    put(type: string, doc: any): Promise<Doc>;
+    /** Get a document (returns null if not found) */
+    get(type: string, id: string): Promise<Doc | null>;
+    /** Delete a document */
+    delete(type: string, id: string): Promise<void>;
+    /** Connect to remote sync with any Fireproof connector */
+    connectRemote(connector: ConnectorFunction, options: RemoteConnectOptions): Promise<void>;
+    /** Disconnect from remote sync */
+    disconnectRemote(): void;
+    /** Read all encrypted documents (without decrypting) */
+    private readAllEncrypted;
+    /**
+     * Process Fireproof changes: { _id, d? }
+     * With d = create/update, without d = deletion
+     */
+    private handleChange;
+    private decryptFromEncryptedData;
+    private encryptDoc;
+    private decryptDoc;
+    private parseFullId;
+    private generateId;
+    private groupByTable;
+    private groupDeletedByTable;
+}
+export {};
+//# sourceMappingURL=encryptedStore.d.ts.map

package/dist/encryptedStore.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryptedStore.d.ts","sourceRoot":"","sources":["../src/encryptedStore.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,UAAU,GAAG;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAED,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,GAAG,EAAE,CAAC;CACb;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,KAAK,IAAI,CAAC;IAC1C,WAAW,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,KAAK,IAAI,CAAC;IAC5C,WAAW,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,KAAK,IAAI,CAAC;CAC7C;AAED,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,IAAI,CAAC;CACzB;AAED,MAAM,MAAM,iBAAiB,GAAG,CAC9B,EAAE,EAAE,WAAW,EACf,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE,MAAM,KACT,cAAc,CAAC;AAEpB,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,GAAG,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrD,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;IAC9B,KAAK,CACH,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,OAAO,CAAA;KAAE,GACjD,OAAO,CAAC;QACT,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;QACb,IAAI,EAAE,KAAK,CAAC;YAAE,GAAG,EAAE,MAAM,CAAC;YAAC,GAAG,CAAC,EAAE,GAAG,CAAC;YAAC,KAAK,CAAC,EAAE,GAAG,CAAA;SAAE,CAAC,CAAC;KACtD,CAAC,CAAC;IACH,SAAS,CAAC,QAAQ,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,KAAK,IAAI,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;IACtE,GAAG,CAAC,EAAE,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;CAC7C;AAUD;;;;GAIG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,EAAE,CAAc;IACxB,OAAO,CAAC,gBAAgB,CAAmB;IAC3C,OAAO,CAAC,QAAQ,CAAgB;IAChC,OAAO,CAAC,QAAQ,CAA0B;IAC1C,OAAO,CAAC,SAAS,CAAkC;IACnD,OAAO,CAAC,YAAY,CAAkB;IACtC,OAAO,CAAC,UAAU,CAA+B;gBAErC,EAAE,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa;IAMtE,sFAAsF;IAChF,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAsC9B,kCAAkC;IAC5B,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IAqB/C,iDAAiD;IAC3C,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;IAWxD,wBAAwB;IAClB,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAWrD,0DAA0D;IACpD,aAAa,CACjB,SAAS,EAAE,iBAAiB,EAC5B,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,IAAI,CAAC;IA2BhB,kCAAkC;IAClC,gBAAgB,IAAI,IAAI;IAQxB,wDAAwD;YAC1C,gBAAgB;IAyB9B;;;OAGG;YACW,YAAY;YA6DZ,wBAAwB;YAiBxB,UAAU;YAuBV,UAAU;IAcxB,OAAO,CAAC,WAAW;IAWnB,OAAO,CAAC,UAAU;IASlB,OAAO,CAAC,YAAY;IAuBpB,OAAO,CAAC,mBAAmB;CAqB5B"}

package/dist/encryptedStore.js

@@ -0,0 +1,293 @@
+/**
+ * Encrypted storage with change detection for small datasets
+ * Wraps Fireproof with AES-256-GCM encryption + real-time event system
+ */
+import { EncryptionHelper } from "./encryption";
+/**
+ * EncryptedStore class
+ *
+ * Main entry point for encrypted storage with change detection
+ */
+export class EncryptedStore {
+    constructor(db, password, listener) {
+        this.knownIds = new Set(); // Set of known document IDs (stripped, e.g., "alice")
+        this.fullIdMap = new Map(); // stripped id -> full id with table
+        this.isSubscribed = false;
+        this.connection = null;
+        this.db = db;
+        this.encryptionHelper = new EncryptionHelper(password);
+        this.listener = listener;
+    }
+    /** Load all documents and set up change detection (call once after creating store) */
+    async loadAll() {
+        const { encryptedMap, fullIdMap } = await this.readAllEncrypted();
+        this.fullIdMap = fullIdMap;
+        // Build initial set of known IDs
+        this.knownIds = new Set(encryptedMap.keys());
+        // Decrypt all documents for initial docsAdded event
+        const docs = [];
+        for (const [id, encryptedData] of encryptedMap) {
+            try {
+                const decrypted = await this.decryptFromEncryptedData(encryptedData, id);
+                docs.push(decrypted);
+            }
+            catch (error) {
+                // Skip documents we can't decrypt
+            }
+        }
+        // Fire initial docsAdded for everything, grouped by table
+        if (docs.length > 0) {
+            const events = this.groupByTable(docs, fullIdMap);
+            this.listener.docsAdded(events);
+        }
+        // Set up subscribe (only once)
+        if (!this.isSubscribed) {
+            this.db.subscribe((changes) => {
+                this.handleChange(changes).catch((err) => {
+                    console.error("EncryptedStore: Error handling change:", err);
+                });
+            }, true); // Include remote changes
+            this.isSubscribed = true;
+        }
+    }
+    /** Create or update a document */
+    async put(type, doc) {
+        // Generate ID if not provided
+        if (!doc._id) {
+            doc._id = this.generateId();
+        }
+        // Build full ID with type prefix
+        const fullId = `${type}_${doc._id}`;
+        // Encrypt the document
+        const encryptedDoc = await this.encryptDoc(doc, fullId);
+        // Store in Fireproof
+        await this.db.put(encryptedDoc);
+        // Fireproof's subscribe will trigger handleChange()
+        // which will reload, compute diff, and fire events
+        return doc;
+    }
+    /** Get a document (returns null if not found) */
+    async get(type, id) {
+        const fullId = `${type}_${id}`;
+        try {
+            const encryptedDoc = await this.db.get(fullId);
+            return await this.decryptDoc(encryptedDoc, id);
+        }
+        catch (error) {
+            // Document not found
+            return null;
+        }
+    }
+    /** Delete a document */
+    async delete(type, id) {
+        // Build full ID with type prefix
+        const fullId = `${type}_${id}`;
+        // Delete from Fireproof
+        await this.db.del(fullId);
+        // Fireproof's subscribe will trigger handleChange()
+        // which will detect the deletion and fire docsDeleted event
+    }
+    /** Connect to remote sync with any Fireproof connector */
+    async connectRemote(connector, options) {
+        this.disconnectRemote();
+        try {
+            console.log(`[EncryptedStore] Connecting to ${options.host} with namespace: ${options.namespace}`);
+            // Call the connector function
+            const connection = connector(this.db, options.namespace, options.host);
+            // Store connection
+            this.connection = {
+                ready: connection.ready || Promise.resolve(),
+                disconnect: connection.disconnect,
+            };
+            // Wait for connection to be ready
+            await this.connection.ready;
+            console.log(`[EncryptedStore] ✓ Connected to remote`);
+        }
+        catch (error) {
+            console.error(`[EncryptedStore] ✗ Failed to connect:`, error);
+            this.connection = null;
+            throw error;
+        }
+    }
+    /** Disconnect from remote sync */
+    disconnectRemote() {
+        if (this.connection && this.connection.disconnect) {
+            this.connection.disconnect();
+            console.log("[EncryptedStore] Disconnected from remote");
+        }
+        this.connection = null;
+    }
+    /** Read all encrypted documents (without decrypting) */
+    async readAllEncrypted() {
+        const result = await this.db.query("_id", { descending: false });
+        const encryptedMap = new Map();
+        const fullIdMap = new Map();
+        // Get docs from either result.docs or result.rows
+        const allDocs = result.docs || result.rows.map((row) => row.doc).filter(Boolean);
+        for (const doc of allDocs) {
+            try {
+                const { type, id } = this.parseFullId(doc._id);
+                encryptedMap.set(id, doc.d); // Store encrypted data
+                fullIdMap.set(id, doc._id); // Map "alice" -> "users_alice"
+            }
+            catch (error) {
+                // Skip documents with invalid ID format
+            }
+        }
+        return { encryptedMap, fullIdMap };
+    }
+    /**
+     * Process Fireproof changes: { _id, d? }
+     * With d = create/update, without d = deletion
+     */
+    async handleChange(changes) {
+        const newDocs = [];
+        const changedDocs = [];
+        const deletedDocs = [];
+        for (const change of changes) {
+            if (change.d) {
+                // Has encrypted data - it's a create or update
+                try {
+                    const { type, id } = this.parseFullId(change._id);
+                    // Decrypt the document
+                    const decrypted = await this.decryptFromEncryptedData(change.d, id);
+                    // Check if it's new or changed
+                    if (this.knownIds.has(id)) {
+                        changedDocs.push(decrypted);
+                    }
+                    else {
+                        newDocs.push(decrypted);
+                        this.knownIds.add(id);
+                        this.fullIdMap.set(id, change._id); // Update fullIdMap for new docs
+                    }
+                }
+                catch (error) {
+                    // Skip documents we can't decrypt or parse
+                }
+            }
+            else {
+                // No encrypted data - it's a deletion
+                try {
+                    const { type, id } = this.parseFullId(change._id);
+                    if (this.knownIds.has(id)) {
+                        deletedDocs.push({ _id: id });
+                        this.knownIds.delete(id);
+                        // Keep fullIdMap entry for the deletion event, remove after
+                    }
+                }
+                catch (error) {
+                    // Skip invalid IDs
+                }
+            }
+        }
+        // Fire events grouped by table
+        if (newDocs.length > 0) {
+            const events = this.groupByTable(newDocs, this.fullIdMap);
+            this.listener.docsAdded(events);
+        }
+        if (changedDocs.length > 0) {
+            const events = this.groupByTable(changedDocs, this.fullIdMap);
+            this.listener.docsChanged(events);
+        }
+        if (deletedDocs.length > 0) {
+            const events = this.groupDeletedByTable(deletedDocs);
+            this.listener.docsDeleted(events);
+            // Clean up fullIdMap entries for deleted docs
+            for (const doc of deletedDocs) {
+                this.fullIdMap.delete(doc._id);
+            }
+        }
+    }
+    async decryptFromEncryptedData(encryptedData, id) {
+        // Decrypt the data
+        const decryptedJson = await this.encryptionHelper.decrypt(encryptedData);
+        const decryptedData = JSON.parse(decryptedJson);
+        // Build final document
+        const doc = {
+            _id: id,
+            ...decryptedData,
+        };
+        return doc;
+    }
+    async encryptDoc(doc, fullId) {
+        // Extract fields to encrypt (everything except _id)
+        const dataToEncrypt = {};
+        for (const [key, value] of Object.entries(doc)) {
+            if (!key.startsWith("_")) {
+                dataToEncrypt[key] = value;
+            }
+        }
+        // Encrypt as JSON
+        const encrypted = await this.encryptionHelper.encrypt(JSON.stringify(dataToEncrypt));
+        // Build encrypted doc
+        const encryptedDoc = {
+            _id: fullId,
+            d: encrypted,
+        };
+        return encryptedDoc;
+    }
+    async decryptDoc(encryptedDoc, id) {
+        // Decrypt the 'd' field
+        const decryptedJson = await this.encryptionHelper.decrypt(encryptedDoc.d);
+        const decryptedData = JSON.parse(decryptedJson);
+        // Build final document
+        const doc = {
+            _id: id,
+            ...decryptedData,
+        };
+        return doc;
+    }
+    parseFullId(fullId) {
+        const firstUnderscore = fullId.indexOf("_");
+        if (firstUnderscore === -1) {
+            throw new Error(`Invalid document ID format: ${fullId}`);
+        }
+        return {
+            type: fullId.substring(0, firstUnderscore),
+            id: fullId.substring(firstUnderscore + 1),
+        };
+    }
+    generateId() {
+        // Use crypto.randomUUID if available, otherwise fallback
+        if (typeof crypto !== "undefined" && crypto.randomUUID) {
+            return crypto.randomUUID();
+        }
+        // Fallback for environments without crypto.randomUUID
+        return `${Date.now()}-${Math.random().toString(36).substring(2, 15)}`;
+    }
+    groupByTable(docs, fullIdMap) {
+        const grouped = new Map();
+        for (const doc of docs) {
+            const fullId = fullIdMap.get(doc._id);
+            if (fullId) {
+                const { type } = this.parseFullId(fullId);
+                if (!grouped.has(type)) {
+                    grouped.set(type, []);
+                }
+                grouped.get(type).push(doc);
+            }
+        }
+        return Array.from(grouped.entries()).map(([table, docs]) => ({
+            table,
+            docs,
+        }));
+    }
+    groupDeletedByTable(deletedDocs) {
+        const grouped = new Map();
+        for (const doc of deletedDocs) {
+            const fullId = this.fullIdMap.get(doc._id);
+            if (fullId) {
+                const { type } = this.parseFullId(fullId);
+                if (!grouped.has(type)) {
+                    grouped.set(type, []);
+                }
+                grouped.get(type).push(doc);
+            }
+        }
+        return Array.from(grouped.entries()).map(([table, docs]) => ({
+            table,
+            docs: docs, // Cast since deletedDocs is simpler structure
+        }));
+    }
+}
+//# sourceMappingURL=encryptedStore.js.map

package/dist/encryptedStore.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryptedStore.js","sourceRoot":"","sources":["../src/encryptedStore.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAwDhD;;;;GAIG;AACH,MAAM,OAAO,cAAc;IASzB,YAAY,EAAe,EAAE,QAAgB,EAAE,QAAuB;QAL9D,aAAQ,GAAgB,IAAI,GAAG,EAAE,CAAC,CAAC,sDAAsD;QACzF,cAAS,GAAwB,IAAI,GAAG,EAAE,CAAC,CAAC,oCAAoC;QAChF,iBAAY,GAAY,KAAK,CAAC;QAC9B,eAAU,GAA0B,IAAI,CAAC;QAG/C,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,gBAAgB,GAAG,IAAI,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACvD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED,sFAAsF;IACtF,KAAK,CAAC,OAAO;QACX,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAClE,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAE3B,iCAAiC;QACjC,IAAI,CAAC,QAAQ,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC;QAE7C,oDAAoD;QACpD,MAAM,IAAI,GAAU,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,EAAE,EAAE,aAAa,CAAC,IAAI,YAAY,EAAE,CAAC;YAC/C,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,wBAAwB,CACnD,aAAa,EACb,EAAE,CACH,CAAC;gBACF,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACvB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,kCAAkC;YACpC,CAAC;QACH,CAAC;QAED,0DAA0D;QAC1D,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YAClD,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAClC,CAAC;QAED,+BAA+B;QAC/B,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,EAAE;gBAC5B,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBACvC,OAAO,CAAC,KAAK,CAAC,wCAAwC,EAAE,GAAG,CAAC,CAAC;gBAC/D,CAAC,CAAC,CAAC;YACL,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,yBAAyB;YACnC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,KAAK,CAAC,GAAG,CAAC,IAAY,EAAE,GAAQ;QAC9B,8BAA8B;QAC9B,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,GAAG,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QAC9B,CAAC;QAED,iCAAiC;QACjC,MAAM,MAAM,GAAG,GAAG,IAAI,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC;QAEpC,uBAAuB;QACvB,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAExD,qBAAqB;QACrB,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAEhC,oDAAoD;QACpD,mDAAmD;QAEnD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,GAAG,CAAC,IAAY,EAAE,EAAU;QAChC,MAAM,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;QAC/B,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC/C,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;QACjD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,qBAAqB;YACrB,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,KAAK,CAAC,MAAM,CAAC,IAAY,EAAE,EAAU;QACnC,iCAAiC;QACjC,MAAM,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;QAE/B,wBAAwB;QACxB,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAE1B,oDAAoD;QACpD,4DAA4D;IAC9D,CAAC;IAED,0DAA0D;IAC1D,KAAK,CAAC,aAAa,CACjB,SAA4B,EAC5B,OAA6B;QAE7B,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAExB,IAAI,CAAC;YACH,OAAO,CAAC,GAAG,CACT,kCAAkC,OAAO,CAAC,IAAI,oBAAoB,OAAO,CAAC,SAAS,EAAE,CACtF,CAAC;YAEF,8BAA8B;YAC9B,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;YAEvE,mBAAmB;YACnB,IAAI,CAAC,UAAU,GAAG;gBAChB,KAAK,EAAE,UAAU,CAAC,KAAK,IAAI,OAAO,CAAC,OAAO,EAAE;gBAC5C,UAAU,EAAE,UAAU,CAAC,UAAU;aAClC,CAAC;YAEF,kCAAkC;YAClC,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,uCAAuC,EAAE,KAAK,CAAC,CAAC;YAC9D,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;YACvB,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,gBAAgB;QACd,IAAI,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;YAClD,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;IACzB,CAAC;IAED,wDAAwD;IAChD,KAAK,CAAC,gBAAgB;QAI5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC;QACjE,MAAM,YAAY,GAAG,IAAI,GAAG,EAAkB,CAAC;QAC/C,MAAM,SAAS,GAAG,IAAI,GAAG,EAAkB,CAAC;QAE5C,kDAAkD;QAClD,MAAM,OAAO,GACX,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAEnE,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,IAAI,CAAC;gBACH,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAC/C,YAAY,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,uBAAuB;gBACpD,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,+BAA+B;YAC7D,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,wCAAwC;YAC1C,CAAC;QACH,CAAC;QAED,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,CAAC;IACrC,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,YAAY,CAAC,OAAc;QACvC,MAAM,OAAO,GAAU,EAAE,CAAC;QAC1B,MAAM,WAAW,GAAU,EAAE,CAAC;QAC9B,MAAM,WAAW,GAA2B,EAAE,CAAC;QAE/C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,MAAM,CAAC,CAAC,EAAE,CAAC;gBACb,+CAA+C;gBAC/C,IAAI,CAAC;oBACH,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAElD,uBAAuB;oBACvB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBAEpE,+BAA+B;oBAC/B,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;wBAC1B,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;oBAC9B,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;wBACxB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;wBACtB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,gCAAgC;oBACtE,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,2CAA2C;gBAC7C,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,sCAAsC;gBACtC,IAAI,CAAC;oBACH,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAElD,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;wBAC1B,WAAW,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;wBAC9B,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;wBACzB,4DAA4D;oBAC9D,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,mBAAmB;gBACrB,CAAC;YACH,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;YAC1D,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;YAC9D,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QACpC,CAAC;QACD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,MAAM,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,WAAW,CAAC,CAAC;YACrD,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAElC,8CAA8C;YAC9C,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;gBAC9B,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,wBAAwB,CACpC,aAAqB,EACrB,EAAU;QAEV,mBAAmB;QACnB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QACzE,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAEhD,uBAAuB;QACvB,MAAM,GAAG,GAAQ;YACf,GAAG,EAAE,EAAE;YACP,GAAG,aAAa;SACjB,CAAC;QAEF,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,GAAQ,EAAE,MAAc;QAC/C,oDAAoD;QACpD,MAAM,aAAa,GAAQ,EAAE,CAAC;QAC9B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/C,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACzB,aAAa,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,kBAAkB;QAClB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CACnD,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAC9B,CAAC;QAEF,sBAAsB;QACtB,MAAM,YAAY,GAAiB;YACjC,GAAG,EAAE,MAAM;YACX,CAAC,EAAE,SAAS;SACb,CAAC;QAEF,OAAO,YAAY,CAAC;IACtB,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,YAAiB,EAAE,EAAU;QACpD,wBAAwB;QACxB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC1E,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAEhD,uBAAuB;QACvB,MAAM,GAAG,GAAQ;YACf,GAAG,EAAE,EAAE;YACP,GAAG,aAAa;SACjB,CAAC;QAEF,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,WAAW,CAAC,MAAc;QAChC,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,eAAe,KAAK,CAAC,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,+BAA+B,MAAM,EAAE,CAAC,CAAC;QAC3D,CAAC;QACD,OAAO;YACL,IAAI,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,eAAe,CAAC;YAC1C,EAAE,EAAE,MAAM,CAAC,SAAS,CAAC,eAAe,GAAG,CAAC,CAAC;SAC1C,CAAC;IACJ,CAAC;IAEO,UAAU;QAChB,yDAAyD;QACzD,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACvD,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC;QAC7B,CAAC;QACD,sDAAsD;QACtD,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;IACxE,CAAC;IAEO,YAAY,CAClB,IAAW,EACX,SAA8B;QAE9B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAiB,CAAC;QAEzC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACtC,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;gBAC1C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvB,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBACxB,CAAC;gBACD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;YAC3D,KAAK;YACL,IAAI;SACL,CAAC,CAAC,CAAC;IACN,CAAC;IAEO,mBAAmB,CACzB,WAAmC;QAEnC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkC,CAAC;QAE1D,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;YAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC3C,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;gBAC1C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvB,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBACxB,CAAC;gBACD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;YAC3D,KAAK;YACL,IAAI,EAAE,IAAW,EAAE,8CAA8C;SAClE,CAAC,CAAC,CAAC;IACN,CAAC;CACF"}

package/dist/encryption.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Interface defining the subset of the Web Crypto API that we use
+ */
+interface CryptoInterface {
+    subtle: {
+        digest(algorithm: string, data: BufferSource): Promise<ArrayBuffer>;
+        importKey(format: string, keyData: BufferSource, algorithm: string | object, extractable: boolean, keyUsages: string[]): Promise<CryptoKey>;
+        encrypt(algorithm: string | object, key: CryptoKey, data: BufferSource): Promise<ArrayBuffer>;
+        decrypt(algorithm: string | object, key: CryptoKey, data: BufferSource): Promise<ArrayBuffer>;
+    };
+    getRandomValues<T extends ArrayBufferView>(array: T): T;
+}
+declare class DecryptionError extends Error {
+    constructor(message: string);
+}
+declare class EncryptionHelper {
+    private keyPromise;
+    private readonly passphrase;
+    private readonly crypto;
+    /**
+     * @param passphrase - The passphrase used for encryption/decryption
+     * @param crypto - Optional crypto implementation. If not provided, uses the global crypto object.
+     *                 This parameter is primarily for testing purposes.
+     */
+    constructor(passphrase: string, crypto?: CryptoInterface);
+    private getKey;
+    private static fromHexString;
+    private static toHexString;
+    encrypt(data: string): Promise<string>;
+    decrypt(data: string): Promise<string>;
+}
+export { EncryptionHelper, DecryptionError };
+export type { CryptoInterface };
+//# sourceMappingURL=encryption.d.ts.map

package/dist/encryption.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../src/encryption.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,UAAU,eAAe;IACvB,MAAM,EAAE;QACN,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;QACpE,SAAS,CACP,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,YAAY,EACrB,SAAS,EAAE,MAAM,GAAG,MAAM,EAC1B,WAAW,EAAE,OAAO,EACpB,SAAS,EAAE,MAAM,EAAE,GAClB,OAAO,CAAC,SAAS,CAAC,CAAC;QACtB,OAAO,CACL,SAAS,EAAE,MAAM,GAAG,MAAM,EAC1B,GAAG,EAAE,SAAS,EACd,IAAI,EAAE,YAAY,GACjB,OAAO,CAAC,WAAW,CAAC,CAAC;QACxB,OAAO,CACL,SAAS,EAAE,MAAM,GAAG,MAAM,EAC1B,GAAG,EAAE,SAAS,EACd,IAAI,EAAE,YAAY,GACjB,OAAO,CAAC,WAAW,CAAC,CAAC;KACzB,CAAC;IACF,eAAe,CAAC,CAAC,SAAS,eAAe,EAAE,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC;CACzD;AAED,cAAM,eAAgB,SAAQ,KAAK;gBACrB,OAAO,EAAE,MAAM;CAK5B;AAED,cAAM,gBAAgB;IACpB,OAAO,CAAC,UAAU,CAAmC;IACrD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAkB;IAEzC;;;;OAIG;gBACS,UAAU,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,eAAe;YAO1C,MAAM;IAkBpB,OAAO,CAAC,MAAM,CAAC,aAAa;IAM5B,OAAO,CAAC,MAAM,CAAC,WAAW;IAOpB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAgBtC,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAqB7C;AAED,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,CAAC;AAC7C,YAAY,EAAE,eAAe,EAAE,CAAC"}

package/dist/encryption.js

@@ -0,0 +1,66 @@
+class DecryptionError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "DecryptionError";
+        Object.setPrototypeOf(this, DecryptionError.prototype);
+    }
+}
+class EncryptionHelper {
+    /**
+     * @param passphrase - The passphrase used for encryption/decryption
+     * @param crypto - Optional crypto implementation. If not provided, uses the global crypto object.
+     *                 This parameter is primarily for testing purposes.
+     */
+    constructor(passphrase, crypto) {
+        this.keyPromise = null;
+        this.passphrase = passphrase;
+        this.crypto =
+            crypto ||
+                (typeof window !== "undefined" ? window.crypto : global.crypto);
+    }
+    async getKey() {
+        if (this.keyPromise) {
+            return this.keyPromise;
+        }
+        const enc = new TextEncoder();
+        const pwUtf8 = enc.encode(this.passphrase);
+        const pwHash = await this.crypto.subtle.digest("SHA-256", pwUtf8);
+        this.keyPromise = this.crypto.subtle.importKey("raw", pwHash, "AES-GCM", true, ["encrypt", "decrypt"]);
+        return this.keyPromise;
+    }
+    static fromHexString(hexString) {
+        return new Uint8Array(hexString.match(/.{1,2}/g).map((byte) => parseInt(byte, 16)));
+    }
+    static toHexString(bytes) {
+        return bytes.reduce((str, byte) => str + byte.toString(16).padStart(2, "0"), "");
+    }
+    async encrypt(data) {
+        const enc = new TextEncoder();
+        const key = await this.getKey();
+        const encoded = enc.encode(data);
+        const iv = this.crypto.getRandomValues(new Uint8Array(12));
+        const ciphertext = await this.crypto.subtle.encrypt({
+            name: "AES-GCM",
+            iv: iv,
+        }, key, encoded);
+        return `${EncryptionHelper.toHexString(iv)}|${EncryptionHelper.toHexString(new Uint8Array(ciphertext))}`;
+    }
+    async decrypt(data) {
+        const key = await this.getKey();
+        const [iv, ciphertext] = data
+            .split("|")
+            .map((s) => EncryptionHelper.fromHexString(s));
+        try {
+            const decrypted = await this.crypto.subtle.decrypt({
+                name: "AES-GCM",
+                iv: iv,
+            }, key, ciphertext);
+            return new TextDecoder().decode(decrypted);
+        }
+        catch (e) {
+            throw new DecryptionError(`Could not decrypt: ${e instanceof Error ? e.message : String(e)}`);
+        }
+    }
+}
+export { EncryptionHelper, DecryptionError };
+//# sourceMappingURL=encryption.js.map

package/dist/encryption.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.js","sourceRoot":"","sources":["../src/encryption.ts"],"names":[],"mappings":"AA2BA,MAAM,eAAgB,SAAQ,KAAK;IACjC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;QAC9B,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,eAAe,CAAC,SAAS,CAAC,CAAC;IACzD,CAAC;CACF;AAED,MAAM,gBAAgB;IAKpB;;;;OAIG;IACH,YAAY,UAAkB,EAAE,MAAwB;QAThD,eAAU,GAA8B,IAAI,CAAC;QAUnD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,MAAM;YACT,MAAM;gBACN,CAAC,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAE,MAAc,CAAC,MAAM,CAAC,CAAC;IAC7E,CAAC;IAEO,KAAK,CAAC,MAAM;QAClB,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC,UAAU,CAAC;QACzB,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC3C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAClE,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAC5C,KAAK,EACL,MAAM,EACN,SAAS,EACT,IAAI,EACJ,CAAC,SAAS,EAAE,SAAS,CAAC,CACvB,CAAC;QACF,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAEO,MAAM,CAAC,aAAa,CAAC,SAAiB;QAC5C,OAAO,IAAI,UAAU,CACnB,SAAS,CAAC,KAAK,CAAC,SAAS,CAAE,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAC9D,CAAC;IACJ,CAAC;IAEO,MAAM,CAAC,WAAW,CAAC,KAAiB;QAC1C,OAAO,KAAK,CAAC,MAAM,CACjB,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EACvD,EAAE,CACH,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,IAAY;QACxB,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;QAChC,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACjC,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3D,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CACjD;YACE,IAAI,EAAE,SAAS;YACf,EAAE,EAAE,EAAE;SACP,EACD,GAAG,EACH,OAAO,CACR,CAAC;QACF,OAAO,GAAG,gBAAgB,CAAC,WAAW,CAAC,EAAE,CAAC,IAAI,gBAAgB,CAAC,WAAW,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;IAC3G,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,IAAY;QACxB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;QAChC,MAAM,CAAC,EAAE,EAAE,UAAU,CAAC,GAAG,IAAI;aAC1B,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;QACjD,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAChD;gBACE,IAAI,EAAE,SAAS;gBACf,EAAE,EAAE,EAAE;aACP,EACD,GAAG,EACH,UAA0B,CAC3B,CAAC;YACF,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,IAAI,eAAe,CACvB,sBAAsB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACnE,CAAC;QACJ,CAAC;IACH,CAAC;CACF;AAED,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Encrypted storage with change detection for small datasets in PWAs
+ * Built on Fireproof with AES-256-GCM encryption
+ * @packageDocumentation
+ */
+export { EncryptedStore } from "./encryptedStore";
+export type { StoreListener, FireproofDb, TableEvent, ConnectorFunction, RemoteConnectOptions, SyncConnection, } from "./encryptedStore";
+export { EncryptionHelper, DecryptionError } from "./encryption";
+export type { CryptoInterface } from "./encryption";
+export declare const VERSION = "0.2.0";
+export { fireproof } from "use-fireproof";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,YAAY,EACV,aAAa,EACb,WAAW,EACX,UAAU,EACV,iBAAiB,EACjB,oBAAoB,EACpB,cAAc,GACf,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACjE,YAAY,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAEpD,eAAO,MAAM,OAAO,UAAU,CAAC;AAC/B,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC"}

package/dist/index.js

@@ -0,0 +1,10 @@
+/**
+ * Encrypted storage with change detection for small datasets in PWAs
+ * Built on Fireproof with AES-256-GCM encryption
+ * @packageDocumentation
+ */
+export { EncryptedStore } from "./encryptedStore";
+export { EncryptionHelper, DecryptionError } from "./encryption";
+export const VERSION = "0.2.0";
+export { fireproof } from "use-fireproof";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAUlD,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAGjE,MAAM,CAAC,MAAM,OAAO,GAAG,OAAO,CAAC;AAC/B,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC"}

package/package.json

@@ -0,0 +1,62 @@
+{
+  "name": "@mrbelloc/encrypted-store",
+  "version": "0.2.0",
+  "description": "Client-side encrypted storage with change detection for small datasets in PWAs",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "scripts": {
+    "test": "node --experimental-vm-modules node_modules/jest/bin/jest.js",
+    "test:watch": "node --experimental-vm-modules node_modules/jest/bin/jest.js --watch",
+    "build": "tsc --project tsconfig.build.json",
+    "typecheck": "tsc --noEmit",
+    "clean": "rm -rf dist",
+    "format": "prettier --write \"src/**/*.ts\"",
+    "format:check": "prettier --check \"src/**/*.ts\"",
+    "prepare": "husky"
+  },
+  "keywords": [
+    "encryption",
+    "storage",
+    "fireproof",
+    "pwa"
+  ],
+  "author": "Pablo de León Belloc <pablolb@gmail.com>",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/pablolb/encrypted-store.git"
+  },
+  "homepage": "https://github.com/pablolb/encrypted-store#readme",
+  "bugs": {
+    "url": "https://github.com/pablolb/encrypted-store/issues"
+  },
+  "files": [
+    "dist",
+    "!dist/**/__tests__",
+    "README.md"
+  ],
+  "devDependencies": {
+    "@fireproof/partykit": "^0.19.118",
+    "@types/jest": "^29.5.11",
+    "@types/node": "^20.10.6",
+    "husky": "^9.1.7",
+    "jest": "^29.7.0",
+    "jest-environment-jsdom": "^30.2.0",
+    "lint-staged": "^16.2.7",
+    "partykit": "^0.0.115",
+    "partysocket": "^1.1.10",
+    "prettier": "^3.7.4",
+    "ts-jest": "^29.1.1",
+    "typescript": "^5.3.3"
+  },
+  "dependencies": {
+    "multiformats": "^13.4.2",
+    "use-fireproof": "^0.19.0"
+  },
+  "lint-staged": {
+    "src/**/*.ts": [
+      "prettier --write"
+    ]
+  }
+}